Boway: Cloud Architecture Wins at Cloud Computing

The rule-number question in Check Point firewall tracking logs

Posted on 2007-4-15 10:06:21

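     In a Check Point firewall's rule settings there is a Track option that can be set to Log, so that activity matching the rule is recorded. Afterwards the records can be analysed with SmartView Tracker in order to adjust the firewall policy.

     Recently, while analysing these logs, I found that the triggering rule number in many records was very large and was not within the configured rule base at all.

     I finally found related articles online: these rules are SmartDefense's doing. Although they do not appear in the rule base, the system assigns a rule number to each of these SmartDefense settings. Below are the rule numbers I have collected and the event reason for each; the list may be incomplete.

If anyone has the internal document for this, please share it...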

| Rule number | Reason | Reference |
|---|---|---|
| 994 | Blaster Worm | CPAI-2003-11 |
| 995 | Active Directory Replication with Windows 2003 SP1 (new DCE-RPC) | Workaround: Edit $FWDIR/lib/dcerpc.def; Solution: NG AI R55 HFA_16 |
| 996 | RPC Denial-of-Service attack | CPAI-2003-11 |
| 997 | Client tried to switch UUID, also: Active Directory Replication with Windows 2003 SP1 (new DCE-RPC) | Workaround: Edit $FWDIR/lib/dcerpc.def; CPAI-2003-11 |
| 998 | Malformed packet (Client to Server) | CPAI-2003-11, CPAI-2003-32, CPAI-2004-11 |
| 999 | Malformed packet (Server to Client) | CPAI-2003-11 |
| 1999 | Welchia/Nachi Worm | CPAI-2003-31 |
| 4999 | ASN.1 Bit String attack | CPAI-2004-07 |
| 6991 | Slammer Worm (Heap Overflow) | CPAI-2004-03 |
| 6992 | MS-SQL Information Leak | CPAI-2004-03 |
| 6993 | MS-SQL Heap-Overflow attack | CPAI-2004-03 |
| 6994 | MS-SQL Denial-of-Service attack | CPAI-2004-03 |
| 6995 | MS-SQL Pre-authentication buffer overflow | CPAI-2004-03 |
| 6996 | MS-SQL Malformed Packet | CPAI-2004-03 |
| 6997 | MS-SQL xp_cmdshell command | CPAI-2004-03 |
| 6998 | MS-SQL sp_start_job command | CPAI-2004-03 |
| 6999 | MS-SQL login with blank password | CPAI-2004-03, CPAI-2004-43, CPAI-2004-54 |
| 9923 | Telnet Enforcement Violation | CPAI-2005-102 |
| 9980 | Malformed JPEG file | CPAI-2004-42, CPAI-2005-124 |
| 9981 | Malformed ANI file | CPAI-2005-06 |
| 9982 | Malformed GIF file | CPAI-2005-53 |
| 9983 | Malformed PNG file | CPAI-2005-99 |
| 9984 | Malformed AVI file | CPAI-2005-130, CPAI-2005-137 |
| 9985 | Malformed TIFF file | CPAI-2005-124 |
| 9989 | Non-MD5 authenticated OSPF protocol | CPSA-2004-03, CPAI-2004-37 |
| 9990 | Cisco IOS Denial-of-Service | CPAI-2003-26 |
| 9992 | Invalid IGMP Traffic | CPAI-2005-01 |
| 40009 | Witty Worm (UDP) | CPAI-2004-14 |
| 92101 | Windows SMB Protection Violation | CPAI-2005-111 |
| 96106 | VERITAS Backup Exec Unauthorized remote registration attempt | CPAI-2005-109 |
| 99022 | SSH: Block Malformed Key Exchange Init Message | CPAI-2006-069 |
| 99111 | Detected SUN-RPC over TCP/UDP Lookup operation | CPAI-2004-57 |
| 99135 | MS Message Queuing Protection Violation | CPAI-2005-112 |
| 99143 | Block FETCH Command Buffer Overflow | CPAI-2006-046 |
| 99144 | Block EXAMINE Command Buffer Overflow | CPAI-2006-046 |
| 99145 | Block APPEND Command Buffer Overflow | CPAI-2006-046 |
| 99146 | Block IMAP Directory Traversal | CPAI-2006-070 |
| 99179 | Non-MD5 authenticated BGP protocol | CPSA-2004-03, CPAI-2005-08 |
| 99249 | NFS: Illegal Mount Request | CPAI-2006-032 |
| 99389 | LDAP Server remote Denial-of-Service | CPAI-2006-039 |
| 99443 | Malformed SSL packet | CPAI-2004-13, CPAI-2004-19, CPAI-2004-38 |
| 99444 | MS-RPC over CIFS Enforcement violation | CPAI-2005-136 |
| 99445 | Microsoft Windows Plug and Play Vulnerability Protection / Zotob worm | CPAI-2005-120, CPAI-2005-139 |
| 99447 | MS-RPC over CIFS Enforcement violation | CPAI-2005-136 |
| 99448 | MS-RPC over CIFS violation | CPAI-2005-139 |
| 99449 | MS-RPC over CIFS violation | CPAI-2005-140 |
| 99450 | MS-RPC over CIFS violation | CPAI-2005-138 |
| 99452 | Block Web Client vulnerability (MS06-008) | CPAI-2006-018 |
| 99454 | MS Windows Server Service vulnerability (MS06-040) | CPAI-2006-097 |
| 99500 | IKE Aggressive Mode | CPAI-2004-15 |
| 99501 | ICMP packet with Null payload | CPAI-2004-20 |
| 99520 | Non MD5-authenticated RIP protocol | CPSA-2004-03 |
| 99642 | MS WINS replication protocol over TCP attack | CPAI-2004-61 |
| 99653 | Excessive number of DNS Resource Records | CPAI-2004-49 |
| 99654 | DNS reply shorter than 14 Bytes | CPAI-2004-49 |
| 99670 | Malformed DHCP option length in packet | CPAI-2005-07 |
| 99742 | MS WINS replication protocol over UDP attack | CPAI-2004-61 |
| 99801 | Malformed ANI file | CPAI-2005-06 |
| 99803 | Malformed PNG file | CPAI-2005-99 |
| 99804 | Malformed AVI file | CPAI-2005-130, CPAI-2005-137 |
| 99805 | Malformed JPEG file | CPAI-2005-124 |
| 99805 | Block COM Object (MS05-038) Vulnerability | CPAI-2005-117 |
| 99807 | Block COM Object (Msdds.dll) Vulnerability | CPAI-2005-148 |
| 99808 | Block COM Object (Javaprxy.dll) Vulnerability | CPAI-2005-117 |
| 99809 | Block Mismatched DOM Object (KB 911302) Vulnerability | CPAI-2005-155 |
| 99810 | Block COM Object (MS05-054) Vulnerability | CPAI-2005-158 |
| 99811 | Block IsComponentInstalled Overflow Vulnerability | N/A |
| 99812 | Block createTextRange Overflow Vulnerability | CPAI-2006-033 |
| 99813 | Block RDS.Dataspace MDAC Function Vulnerability (MS06-014) | CPAI-2006-043 |
| 99814 | Block mhtml Redirection Vulnerability (CVE-2006-2111) | CPAI-2006-044 |
| 99815 | Block COM Object Instantiation Vulnerability (MS06-013) | CPAI-2006-072 |
| 99816 | Block COM Object Instantiation Memory Corruption Vulnerability (MS06-021) | CPAI-2006-073 |
| 99817 | Block Microsoft JScript Remote Code Execution Vulnerability (MS06-023) | CPAI-2006-074 |
| 99818 | Content Protection - Block ART Files | CPAI-2006-080 |
| 99877 | CIFS Brute-Force Attack | CPSA-2006-001 |
| 99878 | Malformed Embedded Web Fonts | CPSA-2006-010 |
| 99879 | Malformed WMF/EMF | CPAI-2006-020 |
| 99880 | Malformed BMP File | CPAI-2006-016 |
| 910000 | VERITAS Backup Exec Unauthorized remote registration attempt | CPAI-2005-109 |
| 910001 | VERITAS Backup Exec Unauthorized remote registration attempt | CPAI-2005-109 |
| 910002 | VERITAS Backup Exec Agent Static Password Protection | CPAI-2005-121 |
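
An added example, not part of the original post: a short Python triage that separates ordinary policy hits in an exported log from the SmartDefense rule numbers listed above, and flags numbers that could be either. The CSV column layout, the sample records and the `rulebase_size` parameter are constructed assumptions, and the mapping holds only a few rows of the table.

```python
import csv
import io
from collections import Counter

# A few entries copied from the rule-number table in the post (number -> reason).
SMARTDEFENSE_RULES = {
    994: "Blaster Worm",
    6991: "Slammer Worm (Heap Overflow)",
    6999: "MS-SQL login with blank password",
    99500: "IKE Aggressive Mode",
    99877: "CIFS Brute-Force Attack",
}

# Constructed sample; the column layout is an assumption, not a real export format.
SAMPLE_LOG = """time,src,dst,service,action,rule
10:01:02,10.1.1.5,10.2.0.9,http,accept,12
10:01:07,192.0.2.44,10.2.0.20,ms-sql-m,drop,6991
10:01:07,192.0.2.45,10.2.0.20,ms-sql-m,drop,6991
10:02:13,198.51.100.7,10.2.0.31,microsoft-ds,drop,99877
10:02:40,198.51.100.9,10.2.0.31,msrpc,drop,994
10:03:01,10.1.1.8,10.2.0.9,http,drop,55555
10:03:05,10.1.1.8,10.2.0.9,http,drop,
"""

def classify(rule, rulebase_size):
    """Attribute a logged rule number, given how many rules the policy has."""
    in_policy = 1 <= rule <= rulebase_size
    reason = SMARTDEFENSE_RULES.get(rule)
    if in_policy and reason:
        # The number alone cannot say which one fired; check the record's other fields.
        return "ambiguous", f"policy rule {rule} or {reason}"
    if in_policy:
        return "policy", f"policy rule {rule}"
    if reason:
        return "smartdefense", reason
    return "unknown", f"rule {rule}"

def triage(log_text, rulebase_size):
    """Count log records per (kind, label); records without a number are 'unparsed'."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            rule = int(row["rule"])
        except (TypeError, ValueError):
            counts[("unparsed", "no rule number")] += 1
            continue
        counts[classify(rule, rulebase_size)] += 1
    return counts

if __name__ == "__main__":
    for (kind, label), n in triage(SAMPLE_LOG, rulebase_size=40).most_common():
        print(f"{n:3d}  {kind:12s} {label}")
```

Records that come back as `unknown` are the ones worth checking against a fuller copy of the table, since the post notes its list may be incomplete.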